Field
The present invention relates generally to determining whether data stored in an external nonvolatile memory is valid in order to prevent an attack such as a rollback attack.
Background
Current mobile devices use a System-on-Chip (SoC) architecture which is subject to data loss if a device experiences a loss of power due to, for example, a drained or removed battery. To retain the critical data in the event of a power loss, an SoC device may store critical data in external nonvolatile memory (NVM), such as flash memory. The critical data may be a backup of secure data stored in a page or segment of the SoC's internal memory. The critical data may support an added value service such as electronic money, coupon, ticket, Digital Right Object, etc. The external NVM memory is accessible to a Higher Level Operating System (HLOS) and, after a power loss event, the device may be subject to rollback attack (the replacement of current content in the NVM with older content), even in the presence of data encryption/authentication, when the critical data is restored from the NVM.
Embedding the NVM into secure areas of the SoC is not a practical solution to the rollback problem because incompatible semiconductor processes are used for the NVM and the SoC. Securing an external NVM with a key requires that the key be protected which may add significant cost to each mobile device.
There is therefore a need for a technique for countering attacks such as a rollback attack in mobile devices using an SoC architecture.